Security researchers have warned gaming companies to improve their cybersecurity posture after discovering 500,000 breached employee credentials in December 2020, and a million compromised internal accounts on the dark web.

Tel Aviv-based threat intelligence firm KELA. It detects and analyzes intelligence from a curated set of Darknet sources, providing clients with fully targeted intelligence decided to investigate the top 25 publicly listed companies in the sector based on revenue.

Kela found nearly 1 million compromised accounts pertaining to gaming clients and employees, with 50% of them offered for sale during 2020. After scouring dark web marketplaces, it discovered a thriving market in-network access on both the supply and demand side.

This included nearly one million compromised accounts related to employee- and customer-facing resources, half of which were listed for sale last year. Compromised accounts linked to internal resources like admin panels, VPNs, Jira instances, FTPs, SSOs, developer-related environments and more were found in virtually all of the top 25 gaming companies studied.